Richard, One point, going back to your original problem is that in my experience in order to remove the cookie the browser must match all attributes of the cookie, so if the cookie path, domain, secure flag, httponly flag differ you cant delete it unless you match all those parameters. Now I say all but it's possible that all don't need to be an exact match (and that may differ by browser), but I know that some do (eg path and domain).
-- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting & Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Thu, Aug 18, 2011 at 5:02 PM, Richard Steele <[email protected]> wrote: > > Well I tried J2EE sessions and we are getting the occasional but > unacceptable "Session is Invalid" error even after changing the web.xml of > each instance to be longer than the session timeout in the application.cfc. > It seems that there may be numerous causes of "Session is Invalid" in CF8 > from improper patching to legitimate CF bugs. Now I'm thinking about going > back to NOT using J2EE. At least CFID and CFToken duplications were just a > few in a thousand. Is there any problem apart from people losing their > sessions, resulting from turning off J2EE sessions? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346854 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
